hardening FreeBSD, already using GBDE

Ivan Voras ivoras at freebsd.org
Thu Jan 21 15:51:55 UTC 2010

On 01/21/10 16:32, Henry Olyer wrote:
> For example, the editor I use normally writes to /tmp -- I changed that,
> making it slower, but in the event that someone takes my laptop I want to
> sleep at night.

If you use a swap-backed memory drive (see 
http://man.freebsd.org/mdconfig) for /tmp and use geli to encrypt the 
swap, there would be no chance of recovery of your temporary files.

> I've no problem letting some poor person make a windoz machine out of my
> laptop -- but I don't want to share my work, my intellectual property.  (I
> do research.)
> So, I'm looking for a list of changes to make, hacks really, that will
> further tighten up security.

You did not specify anything really exact. You already encrypt your 
on-disk data. Do you always use encrypted network protocols like ssh and 
https? Strong passwords? Adequate physical security? Up-to-date software?

More information about the freebsd-questions mailing list